Lucene search
Veracode Vulnerability DatabaseVERACODE:42954HistoryAug 25, 2023 - 3:54 a.m.
Locally Encrypted File Disclosure
2023-08-2503:54:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
activesupport
vulnerability
locally encrypted
file
disclosure
temporary file
permissions
umask
attacker
system
ActiveSupport is vulnerable to Locally Encrypted File Disclosure. The vulnerability exists because the library’s temporary file’s permissions default to the user’s current umask settings, which allows an attacker on the same system to read the contents of the temporary file before it gets encrypted to disk.
Related
github
github
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 20:36:24
redhatcve
redhatcve
CVE-2023-38037
2023-08-31 12:12:59
cgr
cgr
CVE-2023-38037 vulnerabilities
2024-05-19 03:07:16
osv
osv
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 20:36:24
CGA-x3h9-rj6j-hmh9
2024-06-06 12:29:53
ruby3.3-rubygem-activesupport-7.0-7.0.8.4-1.1 on GA media
2024-06-24 00:00:00
gitlab
gitlab
Active Support Possibly Discloses Locally Encrypted Files
2023-08-23 00:00:00
openvas
openvas
openSUSE: Security Advisory for rubygem (openSUSE-SU-2023:0350)
2024-03-04 00:00:00
rubygems
rubygems
Possible File Disclosure of Locally Encrypted Files
2023-08-22 21:00:00
debiancve
debiancve
CVE-2023-38037
2023-08-23 09:26:34
nessus
nessus
openSUSE 15 Security Update : rubygem-activesupport-5.2 (openSUSE-SU-2023:0350-1)
2023-11-05 00:00:00
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
2024-06-03 00:00:00
ubuntucve
ubuntucve
CVE-2023-38037
2023-09-11 00:00:00
wolfi
wolfi
CVE-2023-38037 vulnerabilities
2024-09-21 03:21:11
redhat
redhat
(RHSA-2024:2010) Important: Satellite 6.15.0 release
2024-04-23 17:00:52
Related for VERACODE:42954